Seam 2 problem with HTTP Authentication and multiple Hibernate sessions
malcomtom May 30, 2013 10:38 AMDear community,
My Webappliction is providing rest searvices via Resteasy. At the moment
I am doing authentication via Basic HTTP (over HTTPS).
User authentication/authorization - data is in the same database as the reast of the application data.
I defined an authentication filter and tqo hibernate sessions inside the "components.xml"
------------ snippet -------------------
<security:identity authenticate-method="#{authmodule.authenticate}" remember-me="true"/>
<web:authentication-filter url-pattern="/seam/resource/rest/*" auth-type="basic"/>
<persistence:managed-hibernate-session
name="rootSession" auto-create="true"
session-factory="#{myhibernateSessionFactory}" />
<persistence:managed-hibernate-session
name="secpersistanceSession" auto-create="true"
session-factory="#{myhibernateSessionFactory}" />
--------------------------------------------------
-------------------- Authmodule.java-------------------------
@Name("authmodule")
@Scope(ScopeType.APPLICATION)
public class Authmodule
{
@In Identity identity;
@In Credentials credentials;
public boolean authenticate(){
String username = credentials.getUsername();
String password = credentials.getPassword();
.....
search in Database for user with username/password and
return ture or false
....
}
}
-------------------------------------------------------------------
The problem is now, that After Authmodule.authenticate is called and finished, a "destroy"-call of the two managed-hibernate-sessions
is done. this closes the hibernate session and badly influences other working components, that are using the same hibernate sessions.
this further causes a lot of exceptions (e.g. transactions can not be commited, because hibernate connection is closed)
------------- Stacktrace ---------------------
CachedConnectionManager.unregisterConnection(ConnectionCacheListener, Object) line: 342 | |
TxConnectionManager$TxConnectionEventListener.connectionClosed(ConnectionEvent) line: 637 | |
LocalManagedConnection(BaseWrapperManagedConnection).closeHandle(WrappedConnection) line: 363 | |
WrappedConnectionJDK6(WrappedConnection).close() line: 155 | |
DatasourceConnectionProvider.closeConnection(Connection) line: 97 | |
ConnectionManager.closeConnection() line: 474 | |
ConnectionManager.cleanup() line: 408 | |
ConnectionManager.close() line: 347 | |
SessionImpl.close() line: 325 | |
FullTextSessionImpl.close() line: 281 | |
FullTextHibernateSessionProxy(HibernateSessionProxy).close() line: 85 | |
ManagedHibernateSession.close() line: 223 | |
ManagedHibernateSession.destroy() line: 177 | |
GeneratedMethodAccessor184.invoke(Object, Object[]) line: not available | |
DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43 | |
Method.invoke(Object, Object...) line: 601 | |
Reflections.invoke(Method, Object, Object...) line: 22 | |
Reflections.invokeAndWrap(Method, Object, Object...) line: 144 | |
Component.callComponentMethod(Object, Method, Object...) line: 2249 | |
Component.callDestroyMethod(Object) line: 2180 | |
Component.destroy(Object) line: 1469 | |
Contexts.destroy(Context) line: 251 | |
Contexts.flushAndDestroyContexts() line: 363 | |
ServletLifecycle.endRequest(HttpServletRequest) line: 64 | |
ResteasyResourceAdapter$1(ContextualHttpServletRequest).run() line: 56 | |
ResteasyResourceAdapter.getResource(HttpServletRequest, HttpServletResponse) line: 121 | |
SeamResourceServlet.service(HttpServletRequest, HttpServletResponse) line: 80 | |
SeamResourceServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 803 | |
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 290 | |
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 83 | |
LoggingFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 60 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
AuthenticationFilter.processBasicAuth(HttpServletRequest, HttpServletResponse, FilterChain) line: 185 | |
AuthenticationFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 121 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
IdentityFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 40 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
MultipartFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 90 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
ExceptionFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 64 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
RedirectFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 45 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
ConfigurableXMLFilter(BaseXMLFilter).doXmlFilter(FilterChain, HttpServletRequest, HttpServletResponse) line: 178 | |
Filter(BaseFilter).handleRequest(HttpServletRequest, HttpServletResponse, FilterChain) line: 290 | |
Filter(BaseFilter).processUploadsAndHandleRequest(HttpServletRequest, HttpServletResponse, FilterChain) line: 368 | |
Filter(BaseFilter).doFilter(ServletRequest, ServletResponse, FilterChain) line: 495 | |
Ajax4jsfFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 56 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 69 | |
SeamFilter$FilterChainImpl.doFilter(ServletRequest, ServletResponse) line: 73 | |
SeamFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 158 | |
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 235 | |
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206 | |
ReplyHeaderFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 96 | |
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 235 | |
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206 | |
StandardWrapperValve.invoke(Request, Response) line: 230 | |
StandardContextValve.invoke(Request, Response) line: 175 | |
SecurityAssociationValve.invoke(Request, Response) line: 182 | |
NonLoginAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 432 |
-----------------------------------------------------
Contexts.destroy(Context)line:251 shows a variable ServerConversationContext.additions, thats HashMap with {secpersistanceSession=ManagedHibernateSession, rootSession=ManagedHibernateSession)}
Is there any good approache how i could solve this tricky problem that the ManagedHibernateSession are not closed?
i am using Seam 2.2.0
I am looking foward for any hint. thanking you in advance
best regards
malcom